# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved. daemon off; worker_processes 1; events { worker_connections 1024; } http { include /etc/nginx/mime.types; sendfile on; client_max_body_size 20m; fastcgi_buffers 16 64k; fastcgi_buffer_size 256k; fastcgi_read_timeout 300s; fastcgi_busy_buffers_size 384k; fastcgi_request_buffering off; proxy_connect_timeout 180s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_buffer_size 512k; proxy_buffers 16 4m; proxy_busy_buffers_size 16m; # if LDAP authentication is enabled, this will configure the ldap_server section include /etc/nginx/nginx_ldap_rt.conf; upstream docker-arkime { server arkime:8005; } upstream docker-malcolm-readme { server arkime:8000; } upstream docker-upload { server upload:80; } upstream docker-htadmin { server htadmin:80; } upstream docker-kibana { server kibana:5601; } upstream docker-kibana-maps { server kibana-helper:28991; } upstream docker-elasticsearch { server elasticsearch:9200; } upstream docker-logstash-stats { server logstash:9600; } upstream docker-name-map-ui { server name-map-ui:8080; } upstream docker-extracted-file-http-server { server file-monitor:8440; } # htadmin (htpasswd/user management) server { listen 488 ssl; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; location / { proxy_pass http://docker-htadmin; proxy_redirect off; proxy_set_header Host htadmin.malcolm.local; } } # Arkime interface server { listen 443 ssl; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; # use either auth_basic or auth_ldap include /etc/nginx/nginx_auth_rt.conf; # Malcolm readme location /readme { proxy_pass http://docker-malcolm-readme/README.html; proxy_redirect off; proxy_set_header Host arkime.malcolm.local; } # Malcolm file upload location /upload { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_pass http://docker-upload/; proxy_redirect off; proxy_set_header Host upload.malcolm.local; proxy_request_buffering off; proxy_buffering off; client_max_body_size 20G; } location /server/php { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_pass http://docker-upload/server/php/; proxy_redirect off; proxy_set_header Host upload.malcolm.local; proxy_request_buffering off; proxy_buffering off; client_max_body_size 20G; } # Logstash statistics location ~* ^/logstash\b(.*) { proxy_pass http://docker-logstash-stats/_node/stats$1; proxy_redirect off; proxy_set_header Host arkime.malcolm.local; } # Arkime -> Kibana shortcut location ~* ^/idmol2kib(.*) { set $filter_start_time now-1d; if ($arg_start != '') { set $filter_start_time \'$arg_start\'; } set $filter_stop_time now; if ($arg_stop != '') { set $filter_stop_time \'$arg_stop\'; } set $filter_field undefined; if ($arg_field != '') { set $filter_field $arg_field; } set $filter_value undefined; if ($arg_value != '') { set $filter_value $arg_value; } rewrite ^/idmol2kib/(.*) /kibana/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:$filter_start_time,mode:absolute,to:$filter_stop_time))&_a=(columns:!(_source),filters:!((meta:(alias:!n,disabled:!f,index:'sessions2-*',key:$filter_field,negate:!f,params:(query:'$filter_value',type:phrase),type:phrase,value:'$filter_value'),query:(match:($filter_field:(query:'$filter_value',type:phrase))))),index:'sessions2-*',interval:auto,query:(language:lucene,query:''),sort:!(firstPacket,desc)) redirect; proxy_pass http://docker-kibana; proxy_redirect off; proxy_set_header Host kibana.malcolm.local; } # Kibana -> Arkime shortcut location ~* /idkib2mol/(.*) { rewrite ^.*/idkib2mol/(.*) /sessions?expression=($1) redirect; proxy_pass http://docker-arkime; proxy_redirect off; proxy_set_header Host arkime.malcolm.local; proxy_set_header http_auth_http_user $remote_user; proxy_set_header Authorization ""; } # Kibana/Arkime -> extracted file download location ~* /dl-extracted-files/(.*) { rewrite ^.*/dl-extracted-files/(.*) /extracted-files/$1 redirect; proxy_pass http://docker-extracted-file-http-server; proxy_redirect off; proxy_set_header Host file-monitor.malcolm.local; } # already prepended /kibana to match the server.basePath in kibana's YML config file location /kibana { proxy_pass http://docker-kibana; proxy_redirect off; proxy_set_header Host kibana.malcolm.local; } # otherwise (from old kibana bookmarks), prepend /kibana to match the server.basePath in kibana's YML config file location /app { proxy_pass http://docker-kibana/kibana/app; proxy_redirect off; proxy_set_header Host kibana.malcolm.local; } # offline region maps for kibana location /world.geojson { proxy_pass http://docker-kibana-maps; proxy_redirect off; proxy_set_header Host kibana-helper.malcolm.local; } # name-map-ui (UI for mapping names to network hosts and subnets) location /name-map-ui { proxy_pass http://docker-name-map-ui/; proxy_redirect off; proxy_set_header Host name-map-ui.malcolm.local; proxy_cache off; } location ~* ^/extracted-files\b(.*) { proxy_pass http://docker-extracted-file-http-server$1; proxy_redirect off; proxy_set_header Host file-monitor.malcolm.local; } location = /favicon.ico { alias /etc/nginx/favicon.ico; } # Fix cyberchef JS module(s) # https://localhost/moloch/session/190924-KgO9H30qhdREw7ltsDXn1Rgp/modules/Regex.js location ~* ^/moloch/session/.*/(modules/.*\.js) { proxy_hide_header Content-Type; proxy_set_header Content-Type "application/javascript"; add_header Content-Type "application/javascript"; default_type application/javascript; add_header X-Content-Type-Options 'nosniff'; proxy_pass http://docker-arkime/cyberchef/$1; proxy_redirect off; proxy_set_header Host arkime.malcolm.local; proxy_set_header http_auth_http_user $remote_user; proxy_set_header Authorization ""; } location / { proxy_pass http://docker-arkime; proxy_redirect off; proxy_set_header Host arkime.malcolm.local; proxy_set_header http_auth_http_user $remote_user; proxy_set_header Authorization ""; } } # Kibana interface server { listen 5601 ssl; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; # use either auth_basic or auth_ldap include /etc/nginx/nginx_auth_rt.conf; location = /favicon.ico { alias /etc/nginx/favicon.ico; } # Kibana -> Arkime shortcut location ~* /idkib2mol/(.*) { rewrite ^.*/idkib2mol/(.*) /sessions?expression=($1) redirect; proxy_pass http://docker-arkime; proxy_redirect off; proxy_set_header Host arkime.malcolm.local; proxy_set_header http_auth_http_user $remote_user; proxy_set_header Authorization ""; } # Kibana -> extracted file download location ~* /dl-extracted-files/(.*) { rewrite ^.*/dl-extracted-files/(.*) /extracted-files/$1 redirect; proxy_pass http://docker-extracted-file-http-server; proxy_redirect off; proxy_set_header Host file-monitor.malcolm.local; } # already prepended /kibana to match the server.basePath in kibana's YML config file location /kibana { proxy_pass http://docker-kibana; proxy_redirect off; proxy_set_header Host kibana.malcolm.local; } # otherwise prepend /kibana to match the server.basePath in kibana's YML config file location / { rewrite ^/(.*) /kibana/$1; proxy_pass http://docker-kibana; proxy_redirect off; proxy_set_header Host kibana.malcolm.local; } } # Elasticsearch API server { listen 9200 ssl; ssl_certificate /etc/nginx/certs/cert.pem; ssl_certificate_key /etc/nginx/certs/key.pem; # use either auth_basic or auth_ldap include /etc/nginx/nginx_auth_rt.conf; location = /favicon.ico { alias /etc/nginx/favicon.ico; } location / { proxy_pass http://docker-elasticsearch; proxy_redirect off; proxy_set_header Host es.malcolm.local; client_max_body_size 50m; } } }